/**
 * Check a username/password pair against the `user` table and, on success,
 * store the login in the HTTP_Session2 session.
 *
 * Uses $this (get_class($this)), so this is presumably a class method even
 * though no class header is visible here — confirm against the enclosing file.
 *
 * @param array $credentials Expected keys: 'username' and 'password'.
 * @return bool true when the supplied password matches the stored
 *              `userpassword` column; false when the username is missing,
 *              the user is unknown, or the password does not match.
 *
 * NOTE(review): the SQL is built by string concatenation; the quoted username
 * segment is garbled in this copy (`'******'username'])`), so whatever escaping
 * was applied cannot be read here — verify against the original source and
 * prefer a parameterised query if the sql layer supports one.
 * NOTE(review): the password check is a loose `==` against the raw column
 * value, which implies the column holds the comparable secret directly —
 * confirm; a hashed store with a constant-time comparison is the defensive form.
 */
function IsValid($credentials) {
    syslog(LOG_INFO, "isvalid");
    if (!isset($credentials['username'])) {
        return false;
    }

    // Find this user
    $r = $GLOBALS['sql']->queryRow("SELECT * FROM user " . "WHERE username = '******'username']) . "'");

    // If the user isn't found, false
    if (!$r['id']) {
        return false;
    }

    // NOTE(review): $user is never assigned in this function, so the log line
    // interpolates an undefined variable (probably meant $credentials['username']).
    if (LOGLEVEL < 1 || (LOG_HIPAA || LOG_LOGIN)) {
        syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth login attempt {$user} ");
    }

    // Assigned but never read below
    $db_pass = $r['userpassword'];

    // Check password
    if ($credentials['password'] == $r['userpassword']) {
        // Set session vars -- the password column is stripped from the
        // record before it is copied into the session
        unset($r['userpassword']);
        HTTP_Session2::set('authdata', array("username" => $credentials['username'], "user" => $r['id'], "user_record" => $r));

        // Set ipaddr for SESSION_PROTECTION (compared again on later
        // requests by the session validation path)
        HTTP_Session2::set('ipaddr', $_SERVER['REMOTE_ADDR']);

        // Authorize
        if (LOGLEVEL < 1 || LOG_ERRORS || (LOG_HIPAA || LOG_LOGIN)) {
            syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth successful login");
        }
        $log = freemed::log_object();
        $log->SystemLog(LOG__SECURITY, 'Authentication', get_class($this), "Successfully logged in");
        return true;
    } else { // check password
        // Failed password check: clear any previous login state so a stale
        // session cannot survive a failed re-authentication
        HTTP_Session2::set('authdata', null);
        HTTP_Session2::set('ipaddr', null);
        if (LOGLEVEL < 1 || LOG_ERRORS || (LOG_HIPAA || LOG_LOGIN)) {
            syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth failed login");
        }
        $log = freemed::log_object();
        $log->SystemLog(LOG__SECURITY, 'Authentication', get_class($this), "Failed login");
        return false;
    } // end check password
}
/**
 * Start the session and work out the referer of the current request.
 *
 * The referer is derived from the request/referer pair saved in the session
 * by the previous call: it is cleared on a new session and on a "back"
 * action (current URI equals the old referer URI), it becomes the previous
 * request when module or action changed, and it is kept as-is otherwise.
 * A referer that is not an array is replaced by the home page.
 *
 * Side effects: sets $this->_session_started, $this->_referer and
 * $this->keys['REFERER'], stores 'referer' and 'request' in the session,
 * and starts the Benchmark profiler in $GLOBALS['_tip_profiler'] when the
 * IS_ADMIN key is set.
 *
 * @return void
 */
private function _startSession()
{
    TIP::startSession();
    $this->_session_started = true;

    $previous_request = HTTP_Session2::get('request');
    $previous_referer = HTTP_Session2::get('referer');
    $current = $this->_request;

    if ($previous_request === null) {
        // Entry page or new session: the referer is the main page
        $this->_referer = null;
    } elseif ($current['uri'] == $previous_referer['uri']) {
        // Current URI equals the old referer URI: probably a back action
        $this->_referer = null;
    } else {
        $same_action = $current['module'] == $previous_request['module']
            && $current['action'] == $previous_request['action'];
        // Same action: keep the old referer; new action: the previous request
        $this->_referer = $same_action ? $previous_referer : $previous_request;
    }

    if (!is_array($this->_referer)) {
        $this->_referer = array(
            'uri'    => TIP::getHome(),
            'module' => null,
            'action' => null,
        );
    }
    $this->keys['REFERER'] = $this->_referer['uri'];

    // Store request and referer for the next request
    HTTP_Session2::set('referer', $this->_referer);
    HTTP_Session2::set('request', $current);

    // Profiler initialization in "admin" mode
    if ($this->keys['IS_ADMIN']) {
        require_once 'Benchmark/Profiler.php';
        $profiler = new Benchmark_Profiler();
        $GLOBALS['_tip_profiler'] = $profiler;
        $profiler->start();
    }
}
/**
 * Perform a vote action
 *
 * Runs the 'vote_template' template to get a confirmation on the vote and
 * adds the vote if confirmed. A vote is only accepted when the session
 * carries the 'voting' flag set by the confirmation step, and a second
 * vote is refused while the stored expiration time is in the future.
 *
 * @param int $id The poll id
 * @param int $answer The answer id
 * @return bool true on success or false on errors
 */
protected function actionVote($id, $answer)
{
    $voting_key = $this->id . '.voting';
    $expiration_key = $this->id . '.expiration';

    $expiration = @HTTP_Session2::get($expiration_key);
    $is_voting = @HTTP_Session2::get($voting_key);

    // Refuse a second vote while the previous one has not expired
    if ($is_voting && time() < $expiration) {
        TIP::notifyError('double');
        return false;
    }

    $row =& $this->fromRow($id, false);
    if (is_null($row)) {
        return false;
    }

    // The answer must exist as a field of the poll row
    $label = $this->getField('answer' . $answer);
    if (is_null($label)) {
        TIP::notifyError('wrongparams');
        $this->endView();
        return false;
    }

    $confirmed = @TIP::getGet('process', 'int') == 1;
    if (!$confirmed) {
        // First pass: ask for confirmation and remember it in the session
        HTTP_Session2::set($voting_key, true);
        $this->appendToPage($this->vote_template);
    } elseif (!$is_voting) {
        // Confirmation arrived without the session flag: no cookies
        TIP::notifyError('nocookies');
        $this->endView();
        return false;
    } else {
        $old_row = $row;
        ++$row['votes' . $answer];
        $this->_onDataRow($row);
        $this->data->updateRow($row, $old_row);

        HTTP_Session2::set($voting_key, false);
        HTTP_Session2::set($expiration_key, strtotime($this->expiration));
        $this->appendToPage($this->view_template);
    }

    $this->endView();
    return true;
}
/**
 * Validate the form for the current action.
 *
 * Delete and custom actions are GET driven: the form is frozen and the
 * result is whether the 'process' GET parameter equals 1. For the other
 * actions the guessed and custom rules are added, then the submission is
 * checked against the stage stored in the session.
 *
 * @return bool|null true when the form validated, false when it was not
 *                   submitted (or a newer stage is pending), null on a
 *                   double submission (no stage in the session)
 */
private function _validate()
{
    $get_driven = array(TIP_FORM_ACTION_DELETE, TIP_FORM_ACTION_CUSTOM);
    if (in_array($this->action, $get_driven)) {
        // Special case: GET driven form
        $this->_form->freeze();
        return TIP::getGet('process', 'int') == 1;
    }

    // Add element and form rules
    if (isset($this->validator)) {
        $this->_form->addFormRule($this->validator);
    }
    foreach ($this->fields as $field_id => $unused) {
        if (!$this->_form->elementExists($field_id)) {
            continue;
        }
        $this->_addGuessedRules($field_id);
        $this->_addCustomRules($field_id);
    }

    $stage_key = $this->id . '.stage';
    $last_stage = HTTP_Session2::get($stage_key);
    $stage_pending = isset($last_stage) && $last_stage < $this->_stage;

    if (!$this->_form->isSubmitted() || $stage_pending) {
        // Not submitted yet, or an earlier stage: remember the current stage
        HTTP_Session2::set($stage_key, $this->_stage);
        $valid = false;
    } elseif (is_null($last_stage)) {
        // No last stage defined: double submission
        TIP::notifyError('double');
        $valid = null;
    } else {
        // Validation
        $this->_form->applyFilter('__ALL__', array('TIP', 'extendedTrim'));
        $valid = $this->_form->validate();
    }

    // Perform uploads (if needed)
    $uploader = array('HTML_QuickForm_attachment', 'doUploads');
    if (is_callable($uploader)) {
        HTML_QuickForm_attachment::doUploads($this->_form);
    }

    return $valid;
}
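/**
 * Check whether the current HTTP_Session2 session holds a valid login.
 *
 * A session is valid when 'authdata' is an array and, if SESSION_PROTECTION
 * is enabled, the 'ipaddr' stored at login is present and identical to the
 * current REMOTE_ADDR. On an address change the stored address is cleared
 * and the event is logged to syslog.
 *
 * Changes from the previous version: the unused $PHP_SELF local is gone,
 * the session address is fetched once (empty() on a function return value
 * is a parse error on older PHP), and the comparison is strict (===) so
 * PHP's loose string/number juggling cannot make two different values
 * compare equal.
 *
 * @return bool true when the session is authenticated, false otherwise
 */
function ValidSession() {
    // No authdata in the session: not logged in
    if (!is_array(HTTP_Session2::get('authdata'))) {
        return false;
    }

    // Without session protection the authdata array is enough
    if (!SESSION_PROTECTION) {
        return true;
    }

    $session_ip = HTTP_Session2::get('ipaddr');
    if (empty($session_ip)) {
        // Force check if no ip address is present. This should get around
        // null IPs getting set by accident without compromising security.
        return false;
    }

    if ($session_ip === $_SERVER['REMOTE_ADDR']) {
        // We're already authorized
        return true;
    }

    // IP address has changed, ERROR: drop the stored address so the session
    // cannot be revalidated without logging in again
    HTTP_Session2::set('ipaddr', null);
    syslog(LOG_INFO, "Authentication Layer| IP address changed for session");
    return false;
}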
/**
 * Merge a value into a session variable.
 *
 * When the session already holds an array under the key, the new values are
 * merged into it (array_merge_recursive); otherwise the new values replace
 * the stored value. The key is prefixed with the configured prefix and the
 * operation is written to the session log.
 *
 * @param string $key    key (prefix from $this->_config['prefix'] is prepended)
 * @param mixed  $values value
 *
 * @return void
 */
public function merge($key, $values)
{
    $this->_start();

    $full_key = $this->_config['prefix'] . $key;
    $existing = HTTP_Session2::get($full_key);
    $merged = is_array($existing)
        ? array_merge_recursive($existing, $values)
        : $values;

    $result = HTTP_Session2::set($full_key, $merged);
    $this->_log->log('Session[Merge]', array(
        'key'    => $full_key,
        'val'    => $merged,
        'result' => $result,
    ));
}
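/**
 * Push a patient onto the session's 'patient_history' list.
 *
 * Falsy entries and stray arrays are purged from the stored history first.
 * If the patient is already the most recent entry the cleaned list is
 * re-saved without adding a duplicate; otherwise the patient is appended.
 *
 * Fix: the previous version tested $patient_history[count($patient_history)],
 * an index that never exists in a 0-based list (and the unset()s above it can
 * leave gaps), so the "already last" check never matched. end() is used
 * instead and the list is re-indexed before it is stored.
 *
 * @param mixed $patient Patient identifier to record. Compared loosely (==)
 *                       because the history may hold ints or numeric strings.
 * @return bool|null true when the patient was already the last entry;
 *                   no value (null) after appending, as before.
 */
function patient_push($patient) {
    $patient_history = HTTP_Session2::get('patient_history');

    // Anything that is not an array (no history yet, or a corrupted value)
    // starts a fresh list
    if (!is_array($patient_history)) {
        $patient_history = array();
    }

    // Clean out null entries... and rogue arrays
    foreach ($patient_history as $k => $v) {
        if (!$v || is_array($v)) {
            unset($patient_history[$k]);
        }
    }
    $patient_history = array_values($patient_history);

    // Check to see if this is the last item on the list...
    // ... kick out without adding.
    if (count($patient_history) > 0 && end($patient_history) == $patient) {
        // Reimport due to cleaning
        HTTP_Session2::set('patient_history', $patient_history);
        // And we don't have to add it, exit with true
        return true;
    }

    // Add to the list of pages
    $patient_history[] = $patient;

    // Reimport into SESSION
    HTTP_Session2::set('patient_history', $patient_history);
}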
/**
 * Render the captcha element.
 *
 * Frozen elements render as an empty string. For the 'Numbers_Words' method
 * the (possibly freshly drawn) value is spelled out in words in front of the
 * parent element's HTML; any other method renders nothing. The current value
 * is stored in the session under '_HTML_QuickForm_captcha' in every
 * non-frozen case, even when it is still unset.
 *
 * NOTE(review): rand() is not a cryptographic source, but the drawn value is
 * shown to the user in words rather than kept secret, so predictability is
 * presumably not the concern here — confirm with the validation side.
 *
 * @return string
 */
function toHtml() {
    // The captcha must disappear in frozen state
    if ($this->_flagFrozen) {
        return '';
    }

    $html = '';
    if ($this->_method == 'Numbers_Words') {
        require_once 'Numbers/Words.php';
        if (!isset($this->_value)) {
            $this->_value = rand(1, 1000);
        }
        $words = ucfirst(Numbers_Words::toWords($this->_value, $this->_locale));
        $html = $words . ' ' . parent::toHtml();
    }

    HTTP_Session2::set('_HTML_QuickForm_captcha', $this->_value);
    return $html;
}
/**
 * Refresh the 'user_record' entry of the session's authdata from the user
 * cache.
 *
 * Does nothing (returns false) when nobody is logged in. The record's
 * 'usermanageopt' column is unserialized in place when it decodes to a
 * truthy value.
 *
 * NOTE(review): unserialize() is applied to a database column. If that
 * column can ever be written from request data this is a PHP object
 * injection surface; a JSON encoding, or unserialize() with
 * 'allowed_classes' => false on PHP 7+, would be the defensive form —
 * confirm where 'usermanageopt' is written.
 *
 * @return bool true when the session was updated, false when not logged in
 */
public function SessionPopulate() {
    syslog(LOG_INFO, "SessionPopulate called");
    if (!$this->LoggedIn()) {
        return false;
    }
    syslog(LOG_INFO, "SessionPopulate called, proceeding");

    // Pull user options
    $cache = freemed::user_cache();
    $record = $cache->local_record;
    $options = unserialize($record['usermanageopt']);
    if ($options) {
        $record['usermanageopt'] = $options;
    }

    $authdata = HTTP_Session2::get('authdata');
    $authdata['user_record'] = $record;
    HTTP_Session2::set('authdata', $authdata);
    return true;
}
} //----- Gettext and language settings if (isset($_REQUEST['_l'])) { // Handle template language changes HTTP_Session2::set('language', $_REQUEST['_l']); } elseif (HTTP_Session2::get('language')) { // Pull from cookie (do nothing) } else { // Use the default HTTP_Session2::set('language', DEFAULT_LANGUAGE); } $GLOBALS['freemed']['__language'] = HTTP_Session2::get('language'); // Set default facility from parameter if it exists if (isset($_REQUEST['_f'])) { // Handle template language changes HTTP_Session2::set('default_facility', $_REQUEST['_f'] + 0); } // Load ACL routines if (!defined('SKIP_SQL_INIT')) { include_once dirname(__FILE__) . "/acl.php"; } } // *************************************************************** // Load Gettext routines include_once dirname(__FILE__) . "/i18n.php"; include_once dirname(__FILE__) . "/API.php"; // API functions include_once dirname(__FILE__) . "/macros.php"; // macros/contants //----- Create Log target openlog("freemed", LOG_PID | LOG_PERROR, LOG_LOCAL0);